package com.itheima.health.config;

import com.itheima.health.security.SecurityUserDetails;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;


/*
 @EnableGlobalMethodSecurity(prePostEnabled = true)可以在任意地方开启
 */

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)//开启scrutiny注解配置
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private SecurityUserDetails securityUserDetails;

    @Override
    public void configure(HttpSecurity http)throws Exception{

        //配置登录相关内容
        http.formLogin().loginPage("http://localhost:8080/pages/login.html")//登录的页面
                .loginProcessingUrl("/sec/login")
                .successForwardUrl("/user/loginSuccess")//登录成功请求转发地址
                .failureForwardUrl("/user/loginFail");//登录失败请求转发地址
        //如果使用我们自己定义的页面，需要关闭防止csrf的攻击验证，否则我们的页面需要加入对应的复杂逻辑
        http.csrf().disable();

        //配置登出的相关内容
        http.logout().logoutUrl("/sec/logout")//配置登出的接口
                .logoutSuccessUrl("http://localhost:8080/pages/login.html")//配置登出之后跳转的页面
                .invalidateHttpSession(true);//登出之后销毁session

        //配置权限不足时跳转的页面
        //http.exceptionHandling().accessDeniedPage("http://localhost:8080/pages/login.html");
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
//         设置自定义的UserDetailService
        auth.userDetailsService(securityUserDetails);
    }
}
